Application Tier

Cross-site Scripting

Cross-site scripting (XSS) occurs when an attacker injects malicious code (typically JavaScript) into a website to take advantage of site visitors. Once the script is injected, the browser of every visitor to that site executes the malicious code, which can carry out various tasks such as stealing the user’s cookie (so the attacker can impersonate that user), redirecting the user to another malicious website, stealing the user’s login credentials, changing the behavior of the website itself, or forcing the user to take an action (like clicking a button) on the malicious site they’re directed to. XSS attacks are particularly sinister because they take advantage of the trust relationship between a user and the website and often occur simply because the user visits the infected site.

Need-to-Know

Expertly picked stories on threat intelligence

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.

Every

9 hrs

a critical vulnerability—with the potential for remote code execution—is released.